CVE-2023-47611 | THREATINT

Description

A CWE-269: Improper Privilege Management vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a local, low privileged attacker to elevate privileges to "manufacturer" level on the targeted system.

PUBLISHED Reserved 2023-11-07 | Published 2023-11-10 | Updated 2024-08-02 | Assigner Kaspersky

HIGH: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-269: Improper Privilege Management

Product status

Default status

unaffected

* (custom) before 2.000 ARN 01.001.08

affected

Default status

unaffected

* (custom) before 4.013 ARN 01.000.06

affected

Default status

unaffected

* (custom) before 4.000

affected

Default status

unaffected

* (custom) before 4.013 ARN 01.000.06

affected

Default status

unaffected

* (custom) before 2.000

affected

Default status

unaffected

* (custom) before 2.000 ARN 00.000.20

affected

Default status

unaffected

* (custom) before 3.001 ARN 00.000.49

affected

Default status

unaffected

* (custom) before 4.013 ARN 01.000.06

affected

Default status

unaffected

* (custom) before 4.013 ARN 01.000.06

affected

Default status

unaffected

* (custom) before 3.011 ARN 00.000.60

affected

Default status

unaffected

* (custom) before 4.013 ARN 01.000.06

affected

Default status

unaffected

* (custom) before 1.000

affected

Default status

unaffected

* (custom) before 1.004 ARN 00.003.01

affected

Default status

unaffected

* (custom) before 1.005 ARN 00.005.01

affected

Default status

unaffected

* (custom) before 1.000

affected

Default status

unaffected

* (custom) before 1.000 ARN 00.030.01

affected

Default status

unaffected

* (custom) before 1.000 ARN 00.032.02

affected

Default status

unaffected

* (custom) before 2.000 ARN 01.000.03

affected

Default status

unaffected

* (custom) before 2.000 ARN 01.000.03

affected

Default status

unaffected

* (custom) before 1.000 ARN 00.026.01

affected

Default status

unaffected

* (custom) before 1.000 ARN 00.032.02

affected

Default status

unaffected

* (custom) before 1.01 ARN 00.028.01

affected

Default status

unaffected

* (custom) before 2.012 ARN 01.000.05

affected

Default status

unaffected

* (custom) before 4.000

affected

Default status

unaffected

* (custom) before 4.000 ARN 01.000.05

affected

Default status

unaffected

* (custom) before 5.001 ARN 01.000.04

affected

Default status

unaffected

* (custom) before 5.012

affected

Default status

unaffected

* (custom) before 5.012 ARN 01.000.05

affected

Default status

unaffected

* (custom) before 3.001

affected

Default status

unaffected

* (custom) before 3.001 ARN 00.000.32

affected

Default status

unaffected

* (custom) before 4.013 ARN 01.000.06

affected

Default status

affected

Default status

affected

Default status

affected

Default status

unaffected

* (custom) before 2.01

affected

Default status

unaffected

* (custom) before 2.01 ARN 01.000.05

affected

Timeline

2023-02-21:	Issue discovered by Kaspersky ICS CERT
2023-04-27:	Confirmed by Telit Cinterion

Credits

Alexander Kozlov from Kaspersky finder

Sergey Anufrienko from Kaspersky finder

References

ics-cert.kaspersky.com/...rivilege-management-vulnerability/ (KLCERT-22-216: Telit Cinterion (Thales/Gemalto) modules. Improper Privilege Management vulnerability) third-party-advisory

cve.org (CVE-2023-47611)

nvd.nist.gov (CVE-2023-47611)

Download JSON